Mobile threats, clickjacking and watering hole attacks to make 2014 a busy year in security

London, 9th December 2013 - Watering hole attacks, clickjacking and mobile threats will all loom large in 2014, with cyber criminals increasingly using targeted attack methodologies in their campaigns and hiding themselves in the Deep Web, according to Trend Micro. The internet security firm’s predictions for 2014 echo its recent forward-looking web video project, 2020: the Series, which took a ground-breaking look at what threats may face us at the end of the decade.

In the nearer term, 2014 promises to be a “prolific year for cybercrime”, impacting businesses, governments and individuals alike, according to Trend Micro CTO Raimund Genes.
Techniques like open source research and spear phishing which are normally limited to targeted attacks will become increasingly popular next year as the cyber underground shares best practice knowledge.

When it comes to targeted attacks, we’ll see more watering hole attacks – where victims are lured to an infected site with social engineering – and clickjacking in the on-going race to compromise machines.

Mobile threats have been building for some time now, and in 2014 these smart devices will be under fire from both targeted attacks and mobile banking, where basic two-step verification is no longer sufficient to stay safe. Man-in-the-middle attacks and malicious apps will pose a growing threat to consumers and corporate smartphone users.

“Technology advances only more rapidly and attackers are consistently just behind the crest of that innovation, waiting for widespread consumer adoption of new gadgets, new platforms or new ways of doing things”, said Rik Ferguson, VP of security research at Trend Micro. “Mobile banking apps have only recently become the norm (as opposed to simply receiving an authorisation code via SMS) and we fully expect to see criminals looking for avenues of exploitation, particularly given the direct relationship to finances. Other emerging technologies, such as the AR headsets expected to be released by multiple manufacturers over the coming 12 months will need also to reach this tipping point before widespread attacks begin. However, given the wide-ranging data collection possibilities and their highly interconnected nature, long-term these devices will be firmly in the criminal sights.”

In fact, cyber criminals will use any means possible to infiltrate networks and steal valuable data. This means wearable technology such as smart watches could be at risk in 2014. It will also mean a pick-up in attacks on software like Windows XP and Java 6 as they become unsupported. Embedded systems like point-of-sale (PoS) terminals, healthcare devices, and critical infrastructure, running old and unsupported Windows versions are particularly at risk.

Major data breaches will continue in 2014, averaging one every month, but the perpetrators will get even better at hiding themselves in the Deep Web with tools like TOR.
Law enforcers will have a harder time tracking down these cyber criminals next year as they burrow even deeper into the darknet. One area where we’re not likely to see any widespread threats next year is the emerging “Internet of Things” (IoT), mainly because it is still developing. Cyber criminals are likely waiting for a killer IoT app to exploit and as yet one has not emerged.

Beyond 2014, however, augmented reality headsets could become the next big thing for the cyber underground to target. The built-in camera, for example, could be hacked and used to spy on a victim, extracting sensitive personal information like online log-ins and banking PINs.

Expect isolated attacks in this area to begin in as little as a couple of years.

About Trend Micro
Trend Micro Incorporated (TYO: 4704), a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, Trend Micro™ Smart Protection Network™ provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks.